I ran into an interesting marketing scam yesterday.  I was working on my computer when I got an IM from my brother-in-law, with a simple link:  [hisname].yoimgz.com.  He’s a pretty savvy computer user, and he and I have done several websites, so I figured he was doing a new website that he wanted me to look at or had discovered a new service, so I clicked on it.  I got a page that said it was pictures for MSN Friends, and asked me to log into my MSN account to proceed.  Didn’t think much of it, so I did, and then skipped through the next three pages of marketing come-ons.  Unfortunately, that was it.  No pictures from my brother-in-law, or website he was working on…  nothing but ridiculous website marketing.  I figured I must have done something wrong, so I tried it again, and got only one page of marketing, with nothing else.  I went back to my IM client to ask him what the site was, and I had been disconnected from my MSN service.  So I reconnected, but he wasn’t online, so I sent him an email.  A few minutes later I was disconnected from MSN again, so I figured they must be having problems and logged out of MSN altogether.

Several hours later, I got an email from my brother-in-law saying that he had gotten a virus a week ago or so and that I shouldn’t follow the link (too late!) and probably ought to scan my computer, which I did immediately.  Nothing.  I also changed my password on MSN, just for good measure.  Since I still had the history, I went back to the website to see if I could determine what they were trying to do (having a fear that they were phishing or trying to install keylogging, etc.)  I found an interesting legal disclaimer (in gray text, below the normal screen parameters so it wouldn’t be noticable) on the site.  Among other things, it claimed it was a perfectly legitimate “upcomming community” and that, among other things, by signing into your MSN account, you authorized them to “spread the word” about this upcoming site and that you would receive your share of the credit.  It goes on further to state that, by “logging in”, you authorize them to:

“temporarily access your MSN account to do a combination of the following:

1. Send Instant Messages to your friends promoting this site.
2. Introduce new entertaining sites to your friends via Instant Messages.”

Unbelievable, no? They go on further to state that by hijacking your MSN account (of course they don’t use this language, but that is what they are doing), they are not agreeing to MSN’s terms of service and are not bound by them as you are, and that they are governed by the laws of Panama.

So, long story short, be careful of links in an IM, and a site called yoimgz.com.  And if you received a text message from me with a link in it (before I changed my password), hopefully you didn’t click on it, and if you did, change your password and let your friends know about this.  Maybe we can catch up to them…

Update – looks like another of my MSN friends has it, since I just got a text from his MSN account and he’s not online, this one with a link to a “realdealzz.com” website, with my MSN username at the first of it.